CVE-2022-35242 - OpenCVE

Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
59sec	The Leads Management System\

Configuration 1 [-]

cpe:2.3:a:59sec:the_leads_management_system\:_59sec_lite:*:*:*:*:*:wordpress:*:*

No data.

References

Link	Providers
https://patchstack.com/database/vulnerability/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/wordpress-the-leads-management-system-59sec-lite-plugin-3-4-1-unauthenticated-plugin-settings-change-vulnerability
https://wordpress.org/plugins/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/

History

No history.

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2022-08-23T15:45:54.736763Z

Updated: 2024-09-16T17:58:24.869Z

Reserved: 2022-08-09T00:00:00

Link: CVE-2022-35242

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-08-23T16:15:10.740

Modified: 2023-06-29T15:31:32.067

Link: CVE-2022-35242

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "THE Leads Management System: 59sec LITE (WordPress plugin)", "vendor": "59sec", "versions": [{"lessThanOrEqual": "3.4.1", "status": "affected", "version": "<= 3.4.1", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "Vulnerability discovered by ptsfence (Patchstack Alliance)"}], "datePublic": "2022-08-12T00:00:00", "descriptions": [{"lang": "en", "value": "Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-264", "description": "CWE-264 Permissions, Privileges, and Access Controls", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-23T15:45:54", "orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://patchstack.com/database/vulnerability/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/wordpress-the-leads-management-system-59sec-lite-plugin-3-4-1-unauthenticated-plugin-settings-change-vulnerability"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://wordpress.org/plugins/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/"}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress THE Leads Management System: 59sec LITE plugin <= 3.4.1 - Unauthenticated plugin settings change vulnerability", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "audit@patchstack.com", "DATE_PUBLIC": "2022-08-12T00:19:00.000Z", "ID": "CVE-2022-35242", "STATE": "PUBLIC", "TITLE": "WordPress THE Leads Management System: 59sec LITE plugin <= 3.4.1 - Unauthenticated plugin settings change vulnerability"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "THE Leads Management System: 59sec LITE (WordPress plugin)", "version": {"version_data": [{"version_affected": "<=", "version_name": "<= 3.4.1", "version_value": "3.4.1"}]}}]}, "vendor_name": "59sec"}]}}, "credit": [{"lang": "eng", "value": "Vulnerability discovered by ptsfence (Patchstack Alliance)"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-264 Permissions, Privileges, and Access Controls"}]}]}, "references": {"reference_data": [{"name": "https://patchstack.com/database/vulnerability/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/wordpress-the-leads-management-system-59sec-lite-plugin-3-4-1-unauthenticated-plugin-settings-change-vulnerability", "refsource": "CONFIRM", "url": "https://patchstack.com/database/vulnerability/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/wordpress-the-leads-management-system-59sec-lite-plugin-3-4-1-unauthenticated-plugin-settings-change-vulnerability"}, {"name": "https://wordpress.org/plugins/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/", "refsource": "CONFIRM", "url": "https://wordpress.org/plugins/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/"}]}, "source": {"discovery": "EXTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T09:29:17.427Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/wordpress-the-leads-management-system-59sec-lite-plugin-3-4-1-unauthenticated-plugin-settings-change-vulnerability"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://wordpress.org/plugins/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/"}]}]}, "cveMetadata": {"assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "assignerShortName": "Patchstack", "cveId": "CVE-2022-35242", "datePublished": "2022-08-23T15:45:54.736763Z", "dateReserved": "2022-08-09T00:00:00", "dateUpdated": "2024-09-16T17:58:24.869Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:59sec:the_leads_management_system\\:_59sec_lite:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "D7F9A824-66C2-496C-9818-AE0D4A005C89", "versionEndIncluding": "3.4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Unauthenticated plugin settings change vulnerability in 59sec THE Leads Management System: 59sec LITE plugin <= 3.4.1 at WordPress."}, {"lang": "es", "value": "Una vulnerabilidad de cambio de configuraci\u00f3n del plugin sin autenticaci\u00f3n en 59sec THE Leads Management System: 59sec LITE plugin versiones anteriores a 3.4.1 incluy\u00e9ndola, en WordPress."}], "id": "CVE-2022-35242", "lastModified": "2023-06-29T15:31:32.067", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "audit@patchstack.com", "type": "Secondary"}]}, "published": "2022-08-23T16:15:10.740", "references": [{"source": "audit@patchstack.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://patchstack.com/database/vulnerability/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/wordpress-the-leads-management-system-59sec-lite-plugin-3-4-1-unauthenticated-plugin-settings-change-vulnerability"}, {"source": "audit@patchstack.com", "tags": ["Third Party Advisory"], "url": "https://wordpress.org/plugins/59sec-lite-contact-form-7-push-notifications-on-ios-and-android/"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-264"}], "source": "audit@patchstack.com", "type": "Secondary"}]}